mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-24 05:40:16 +00:00
Merge pull request #498 from Zeik0s/master
AES Encryption instead of 3DES
This commit is contained in:
commit
d569034117
5 changed files with 18 additions and 5 deletions
0
Default.txt
Executable file → Normal file
0
Default.txt
Executable file → Normal file
|
@ -90,7 +90,7 @@ one for your new phone. Or even if you suspect that a cert may have been compro
|
|||
just revoke it and generate a new one.
|
||||
|
||||
"pivpn list"
|
||||
If you add more than a few clients, this gives you a nice list of thier names and whether their certificate
|
||||
If you add more than a few clients, this gives you a nice list of their names and whether their certificate
|
||||
is still valid or has been revoked. Great way to keep track of what you did with 'pivpn add' and 'pivpn revoke'.
|
||||
|
||||
You can run just 'pivpn' to see all the options.
|
||||
|
|
|
@ -695,6 +695,7 @@ setClientDNS() {
|
|||
Level3 "" off
|
||||
DNS.WATCH "" off
|
||||
Norton "" off
|
||||
FamilyShield "" off
|
||||
Custom "" off)
|
||||
|
||||
if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
|
||||
|
@ -734,6 +735,13 @@ setClientDNS() {
|
|||
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
|
||||
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
|
||||
;;
|
||||
FamilyShield)
|
||||
echo "::: Using FamilyShield servers."
|
||||
OVPNDNS1="208.67.222.123"
|
||||
OVPNDNS2="208.67.220.123"
|
||||
$SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
|
||||
$SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
|
||||
;;
|
||||
Custom)
|
||||
until [[ $DNSSettingsCorrect = True ]]
|
||||
do
|
||||
|
|
|
@ -121,11 +121,11 @@ function keyPASS() {
|
|||
expect eof
|
||||
EOF
|
||||
|
||||
#Convert key to des3
|
||||
#Convert key to aes128
|
||||
KEY_FILE="pki/private/${NAME}${KEY}"
|
||||
expect << EOF
|
||||
set timeout -1
|
||||
spawn openssl rsa -in ${KEY_FILE} -des3 -out ${KEY_FILE}
|
||||
spawn openssl rsa -in ${KEY_FILE} -aes128 -out ${KEY_FILE}
|
||||
expect "Enter pass phrase" { send "${PASSWD}\r" }
|
||||
expect "Enter PEM pass phrase" { send "${PASSWD}\r" }
|
||||
expect "Verifying - Enter PEM pass phrase" { send "${PASSWD}\r" }
|
||||
|
@ -141,8 +141,8 @@ if [ -z "${NAME}" ]; then
|
|||
read -r NAME
|
||||
fi
|
||||
|
||||
if [[ "${NAME}" =~ [^a-zA-Z0-9] ]]; then
|
||||
echo "Name can only contain alphanumeric characters."
|
||||
if [[ "${NAME}" =~ [^a-zA-Z0-9\-] ]]; then
|
||||
echo "Name can only contain alphanumeric characters and dashes (-)."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
5
server_config.txt
Executable file → Normal file
5
server_config.txt
Executable file → Normal file
|
@ -10,6 +10,8 @@ server 10.8.0.0 255.255.255.0
|
|||
# Set your primary domain name server address for clients
|
||||
push "dhcp-option DNS 8.8.8.8"
|
||||
push "dhcp-option DNS 8.8.4.4"
|
||||
# Prevent DNS leaks on Windows
|
||||
push "block-outside-dns"
|
||||
# Override the Client default gateway by using 0.0.0.0/1 and
|
||||
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
|
||||
# overriding but not wiping out the original default gateway.
|
||||
|
@ -31,4 +33,7 @@ status /var/log/openvpn-status.log 20
|
|||
status-version 3
|
||||
syslog
|
||||
verb 3
|
||||
#DuplicateCNs allow access control on a less-granular, per user basis.
|
||||
#Remove # if you will manage access by user instead of device.
|
||||
#duplicate-cn
|
||||
# Generated for use by PiVPN.io
|
||||
|
|
Loading…
Reference in a new issue